Commit Graph

1213 Commits

Author SHA1 Message Date
Tad
b39b2f2feb
Churn + Picks
Signed-off-by: Tad <tad@spotco.us>
2023-09-21 16:12:28 -04:00
Tad
25f02f4177
14.1 though 17.1: patch CVE-2023-4863, thanks to @syphyr
run tested on 14.1, 15.1, and 17.1
compile tested on 16.0

Signed-off-by: Tad <tad@spotco.us>
2023-09-20 04:16:17 -04:00
Tad
de7d2a2a62
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-19 01:53:33 -04:00
Tad
724b742b64
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-18 15:34:11 -04:00
Tad
1b4f6d3bd8
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-09-17 01:30:23 -04:00
Tad
095753ffaf
Tweak
Signed-off-by: Tad <tad@spotco.us>
2023-09-17 00:28:29 -04:00
Tad
cbf76ea4eb
18.1+: patch CVE-2023-4863
TODO:
- 17.1 uses v1.0.2, needs backport
  patch for v1.0.3: 8d9916da90

Signed-off-by: Tad <tad@spotco.us>
2023-09-15 14:38:14 -04:00
Tad
cbc5a339e6
20.0: LatinIME patches rebased by @danielk43
closes https://github.com/Divested-Mobile/DivestOS-Build/issues/244

Signed-off-by: Tad <tad@spotco.us>
2023-09-13 15:30:11 -04:00
Tad
5eb6190931
Fixup 15.1/16.0 backport: system/bt: Fix UAF in gatt_cl.cc
thanks to @syphyr for this!

Signed-off-by: Tad <tad@spotco.us>
2023-09-12 16:55:46 -04:00
Tad
3aa7e02455
15.1 September ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-09-11 20:09:30 -04:00
Tad
033c600eac
16.0 September ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-09-11 16:14:15 -04:00
Tad
aa4464d1c4
17.1 September ASB work
+ an August backport from @flamefire

Signed-off-by: Tad <tad@spotco.us>
2023-09-11 01:23:37 -04:00
Tad
84a84c4742
Picks + Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-10 21:12:24 -04:00
Tad
6e5745143f
Picks
Signed-off-by: Tad <tad@spotco.us>
2023-09-08 20:00:23 -04:00
Tad
b0800a1479
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-09-07 21:23:50 -04:00
Tad
964877bbf6
20.0: September ASB picks
wget b96ee4a2d1.patch -O telephony-01.patch
wget c16e6e78c1.patch -O media-01.patch
wget d5771450d7.patch -O media-02.patch
wget a1370bd00c.patch -O nn-01.patch
wget ce2776f4ca.patch -O bt-01.patch
wget 585f583ef5.patch -O bt-02.patch
wget c9905e7968.patch -O bt-03.patch
wget c93ec045f5.patch -O bt-04.patch
wget 89fb17d172.patch -O bt-05.patch
wget 14aed2455e.patch -O bt-06.patch
wget cd438ebc52.patch -O bt-07.patch
wget 27e7cdc4e5.patch -O nfc-01.patch
wget dfeb4270b8.patch -O launcher-01.patch
wget b1993f6cec.patch -O native-01.patch
wget df4a9362cd.patch -O fwb-01.patch
wget b55563bb9d.patch -O fwb-02.patch
wget a80971a281.patch -O fwb-03.patch
wget 7e173b4383.patch -O fwb-04.patch
wget 44191b1c6b.patch -O fwb-05.patch
wget 8dc8dfe572.patch -O fwb-06.patch
wget 00a4224100.patch -O av-01.patch
wget 21623d1f43.patch -O settings-01.patch
wget fa5ec443d9.patch -O settings-02.patch
wget ba4da9c7b3.patch -O settings-03.patch

Signed-off-by: Tad <tad@spotco.us>
2023-09-06 15:42:52 -04:00
Tad
3e8effa345
ASB cherrypicks
https://review.lineageos.org/q/topic:%22n-asb-2023-09%22

Signed-off-by: Tad <tad@spotco.us>
2023-09-05 20:50:36 -04:00
Tad
0ec3c25d86
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-09-05 20:42:14 -04:00
Tad
ababe54a0c
14.1: Disable dexpreopt
causes many bizarre issues on devices
- apps crashing on certain functions
- apps loading content from other apps
- etc.

Signed-off-by: Tad <tad@spotco.us>
2023-09-04 15:36:57 -04:00
Tad
a17a425265
14.1: Fixup Freetype
90b7894627

Signed-off-by: Tad <tad@spotco.us>
2023-09-03 17:36:24 -04:00
Tad
9e954ea987
Restore face unlock for Pixel 4 series
We keep fingerprint reader blobs, so why not these?

Signed-off-by: Tad <tad@spotco.us>
2023-09-01 20:51:49 -04:00
Tad
6d52d2f6ce
m8: Fix display corruption
Fixes the screen shifting vertically when in a full screen task like camera

Signed-off-by: Tad <tad@spotco.us>
2023-08-31 21:55:13 -04:00
Tad
56b71651c5
Tweak
Signed-off-by: Tad <tad@spotco.us>
2023-08-30 15:22:00 -04:00
Tad
4afb99b6d1
Fixup fc903251
Signed-off-by: Tad <tad@spotco.us>
2023-08-30 12:48:37 -04:00
Tad
8acec36989 20.0: eUICC for all
TODO: move this setting to the cell menu

Signed-off-by: Tad <tad@spotco.us>
2023-08-30 12:41:30 -04:00
Tad
fc9032513f
Update CVE patchers
Likely issue CVE-2023-3773/^6.4

Signed-off-by: Tad <tad@spotco.us>
2023-08-27 17:13:53 -04:00
Tad
bf55f7d572
Remove more face unlock blobs and unbreak camera on Pixel 4 series
Signed-off-by: Tad <tad@spotco.us>
2023-08-26 18:22:51 -04:00
Tad
aa0ab3c1ba
Revert "Try to fixup cell service on crackling"
didn't work

This reverts commit 43e55668fd.
2023-08-25 09:56:20 -04:00
Tad
fa030fcbf4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-24 21:38:33 -04:00
Tad
52a0c55c41
Fixups
- Revert Freetype branch switching for 15.1+, broken
- Don't include OpenEUICC on Pixel 2 and 3 series, they won't work
- Churn

Signed-off-by: Tad <tad@spotco.us>
2023-08-24 03:06:02 -04:00
Tad
1fde0f9c45
More branch switching, thanks to @syphyr
Signed-off-by: Tad <tad@spotco.us>
2023-08-23 11:05:05 -04:00
Tad
7835c2b2ae
18.1+: Restrict tile usage when locked, credit @GrapheneOS
TODO: backport to older branches

Signed-off-by: Tad <tad@spotco.us>
2023-08-22 17:54:19 -04:00
Tad
8b51c3cd0f
Fixup OpenEUICC inclusion
Signed-off-by: Tad <tad@spotco.us>
2023-08-21 20:00:31 -04:00
Tad
d6c3b6c8fa
More eSIM work
- Add the GrapheneOS package hook mechanism
- Ensure OpenEUICC and EuiccSupportPixel are only enabled in the system user
- Prevent EuiccSupportPixel interactions
- Remove INTERNET permission from EuiccSupportPixel

Signed-off-by: Tad <tad@spotco.us>
2023-08-21 16:50:51 -04:00
Tad
c070e856b2
eSIM enablement via @PeterCxy's OpenEUICC
tested working on bluejay

Signed-off-by: Tad <tad@spotco.us>
2023-08-21 09:25:10 -04:00
Tad
c90920965f
Remove some garbage
Signed-off-by: Tad <tad@spotco.us>
2023-08-20 16:11:44 -04:00
Tad
43e55668fd
Try to fixup cell service on crackling
netmgrd appears incompatible with hmalloc
noted by @fishy1337
https://github.com/Divested-Mobile/DivestOS-Build/issues/204#issuecomment-1676439970

Signed-off-by: Tad <tad@spotco.us>
2023-08-18 11:24:04 -04:00
Tad
ceec1584a9
Fixup hosts cache thanks to patch from @danielk43
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/198

Signed-off-by: Tad <tad@spotco.us>
2023-08-18 11:17:14 -04:00
Tad
2142e2e763
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-08-17 17:18:10 -04:00
Tad
9707326c4f
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-13 16:16:21 -04:00
Tad
160aee5049
Backport patch to handle verity with openssl 3.0
ref: https://github.com/Divested-Mobile/DivestOS-Website/pull/19

Signed-off-by: Tad <tad@spotco.us>
2023-08-11 18:53:01 -04:00
Tad
3a32beaad5
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-10 12:40:34 -04:00
Tad
cd0ede5a0d
Fix an inconsistency
As noted by @syphyr

Signed-off-by: Tad <tad@spotco.us>
2023-08-09 16:15:29 -04:00
Tad
877257692e
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-09 12:58:32 -04:00
Tad
974878988b
Fixup
Will regen later

Signed-off-by: Tad <tad@spotco.us>
2023-08-09 00:46:44 -04:00
Tad
51bcf23dac
14.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 23:41:40 -04:00
Tad
79e3fb6fb4
15.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 09:35:44 -04:00
Tad
4b2160cf56
16.0 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 07:48:57 -04:00
Tad
f52adb2bc5
17.1 August ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 06:31:22 -04:00
Tad
566decb5dd
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 05:14:44 -04:00
Tad
e627cdee05
Sync with @flamefire's Q_asb_2023-07
Signed-off-by: Tad <tad@spotco.us>
2023-08-08 05:01:00 -04:00
Tad
eef09ae519
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-08-07 18:07:19 -04:00
Tad
7ef5d9a9c4
Broken EUICC handling
Signed-off-by: Tad <tad@spotco.us>
2023-08-05 18:57:32 -04:00
Tad
180280b233
Update CVE patchers
TODO: adjust min version of CVE-2023-4132

Signed-off-by: Tad <tad@spotco.us>
2023-08-04 21:00:29 -04:00
Tad
c777c74717 16.0 Backports
- hosts toggle
- auto reboot
- bluetooth timeout
- unprivileged microG
- ptrace toggle
- exec spawning toggle

TODO: needs work

Signed-off-by: Tad <tad@spotco.us>
2023-07-27 16:35:00 -04:00
Tad
95a57748ea
Fix the fix
Signed-off-by: Tad <tad@spotco.us>
2023-07-25 13:03:44 -04:00
Tad
e458e9ddd4
Unbreak the F-Droid additional repos
microG pubkey was wrongly spanning multiple lines
likely from copy/paste of old diff

addresses https://gitlab.com/fdroid/fdroidclient/-/issues/2662

Signed-off-by: Tad <tad@spotco.us>
2023-07-25 13:01:45 -04:00
Tad
73414e76d2
Update CVE patchers
two lpes

Signed-off-by: Tad <tad@spotco.us>
2023-07-25 12:04:05 -04:00
Tad
c8d3354113
Patch from CalyxOS to make AOSP less spyware
Signed-off-by: Tad <tad@spotco.us>
2023-07-24 14:35:24 -04:00
Tad
e74f861c8e
Fixes + Churn
- Fix instances of awk failing on missing globs
- Remove unwanted packages from work/user/managed profiles
- Remove proprietary camera extensions

Signed-off-by: Tad <tad@spotco.us>
2023-07-24 03:59:51 -04:00
Tad
4bab1c31d7
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-19 16:05:51 -04:00
Tad
af57c5c857
Tweaks
Signed-off-by: Tad <tad@spotco.us>
2023-07-19 04:43:13 -04:00
Tad
aa6bfad801
Various
- Drop OpenCamera, it doesn't work on lock screens anymore?
- microG on 18.1+:
  - set packages forceQueryable
  - spoof some sources as Play Store
    TODO: backport this to 17.1
- Remove camera extensions
- Churn
- Wording

Signed-off-by: Tad <tad@spotco.us>
2023-07-15 18:22:07 -04:00
Tad
1c9076fffe
KSM tuning
- Only enable on Linux 3.0 through 4.9
- Always enable defer option
- Only run twice a second, instead of fifty times a second

Signed-off-by: Tad <tad@spotco.us>
2023-07-14 20:27:10 -04:00
Tad
11c286ecd4
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 17:27:20 -04:00
Tad
192c73146a
Add a toggle for KSM
Signed-off-by: Tad <tad@spotco.us>
2023-07-14 17:11:21 -04:00
Tad
b5bb498248
Many tweaks
- 19.1/20.0: Enable low ram for <6GB devices
- 20.0: support RROs with exec spawning patch from GrapheneOS
- allow work profiles when low ram is enabled
- churn
- cherrypicks

Signed-off-by: Tad <tad@spotco.us>
2023-07-13 16:40:05 -04:00
Tad
eff7a69bed
Small changes
- Another fix
- Deblobber tweaks
- Patch from GrapheneOS
- Cherrypick

Signed-off-by: Tad <tad@spotco.us>
2023-07-13 10:58:41 -04:00
Tad
fdeceb5c9c
Fixups
Signed-off-by: Tad <tad@spotco.us>
2023-07-10 22:50:33 -04:00
Tad
7a53edc390
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-10 17:11:15 -04:00
Tad
fc01bcba7f
Churn
Closes https://github.com/Divested-Mobile/DivestOS-Build/issues/222

Signed-off-by: Tad <tad@spotco.us>
2023-07-09 21:23:25 -04:00
Tad
ad8e5b631a
16.0+17.1: Extra July ASB backport from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
2023-07-09 14:49:51 -04:00
Tad
fb0064ffbf
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-09 14:43:06 -04:00
Tad
83cbcfa39b
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-07-08 15:21:06 -04:00
Tad
9d6662dee7
15.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 18:00:23 -04:00
Tad
293f97d678
16.0 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 17:24:47 -04:00
Tad
4db68c3de1
Fixup b92655da
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 15:28:55 -04:00
Tad
b92655dac4
17.1 July ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 14:17:23 -04:00
Tad
2651f33e5c
ASB cherrypicks
Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:44:00 -04:00
Tad
5bc210f135
Adjust microg config path
/product can't be used for now
https://github.com/microg/GmsCore/issues/1976

also move the wording around so it can be easier to remove later
after a new release is tagged

Signed-off-by: Tad <tad@spotco.us>
2023-07-07 13:33:48 -04:00
Tad
492ed24ca2
Fixups
Signed-off-by: Tad <tad@spotco.us>
2023-07-06 17:59:25 -04:00
Tad
34f2d0d15a
Tweak micorG defaults
New options added
4772008582

Signed-off-by: Tad <tad@spotco.us>
2023-07-06 14:39:38 -04:00
Tad
c4666a33b7
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-07-05 19:42:40 -04:00
Tad
c9a7ff8bba
Override all microG defaults to disabled
TODO after fixed:
SafetyNet: https://github.com/microg/GmsCore/issues/1971
Geocoder: https://github.com/microg/GmsCore/issues/1972

Signed-off-by: Tad <tad@spotco.us>
2023-07-04 14:48:18 -04:00
Tad
a96f74ca28
Enable the opt-in unprivileged microG enablement patchset
Runtime tested: 17.1, 18.1, 20.0
Compile tested: 19.1

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 21:50:08 -04:00
Tad
b7d37053c3
Further harden signature spoofing with targetSdk and versionCode checks
- Also fix compile for 17.1, rest should be fine

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 17:33:34 -04:00
Tad
f2c8005853
16.0: switch to upstream P_asb_2023-06
Has two extra patches for Traceur, but misses a patch for CarSettings

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:22:32 -04:00
Tad
4282c7c35f
Backports of 0f4044e2 to 17.1/18.1/19.1
Also don't grant any special location permissions

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 15:17:56 -04:00
Tad
0f4044e242
20.0: opt-in hardened unprivileged microG ability
Unlike other systems which ship privileged microG out of the box:
- User must enable microG repo in F-Droid
- User must install official microG apps (GmsCore/FakeStore/GSF)
- User must enable the microG toggle in Settings
- NOT a privileged app, not all features will work
- gmscore SELinux domain is still disabled

Signed-off-by: Tad <tad@spotco.us>
2023-07-03 13:45:06 -04:00
Tad
2e2ac4557d
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-26 19:41:11 -04:00
Tad
dc4d6b0901
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-20 18:36:31 -04:00
Tad
1e7f10d6b6
20.0: drop June ASB patches
QPR3 has been merged

Signed-off-by: Tad <tad@spotco.us>
2023-06-20 16:22:02 -04:00
Tad
5146f67cee
Churn
Signed-off-by: Tad <tad@spotco.us>
2023-06-18 07:34:03 -04:00
Tad
cda898f141
Certificate Authority store updates
- Remove some untrustworthy CAs
- Update CA store for all branches to aosp/e302aa968334b3c3fc9cd709a7c7661e0cf534eb

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:54 -04:00
Tad
41e2669884
17.1: switch to flamefire's ASB topics
This gets us ~9 extra patches

Signed-off-by: Tad <tad@spotco.us>
2023-06-17 15:13:46 -04:00
Tad
a07133a064
Update CVE patchers
Signed-off-by: Tad <tad@spotco.us>
2023-06-16 11:03:46 -04:00
Tad
e2ca79c607
20.0: add dot.sb DNS preset
Signed-off-by: Tad <tad@spotco.us>
2023-06-14 19:42:30 -04:00
Tad
0dde119d7e
20.0 June ASB work + churn
QPR3 is delayed a week now

Patches pulled from GrapheneOS and checked against CalyxOS

Signed-off-by: Tad <tad@spotco.us>
2023-06-12 21:06:42 -04:00
Tad
8c7f3daa00
15.1+16.0 June ASB work
Signed-off-by: Tad <tad@spotco.us>
2023-06-10 05:16:45 -04:00
Tad
ab52996e4f
16.0: switch to upstream topic for May ASB patches
They're identical
I'll likely eventually pull them back in anyway

Signed-off-by: Tad <tad@spotco.us>
2023-06-10 01:57:59 -04:00